PuTTY: SSH Failing to Authenticate on RHEL 8 crypto policies FUTURE
PuTTY: SSH Failing to Authenticate on RHEL 8 crypto policies FUTURE
Hi,
We're hardened our RHEL 8 servers to CIS benchmarks and are trying to get RDM to SSH onto the RHEL 8 server using a RSA SHA256 4096-bit SSH key.
When using the default SSH Shell, the connection is refused with the following error message in the sshd logs:
sshd[19909]: debug2: input_userauth_request: try method publickey [preauth]
sshd[19909]: debug2: userauth_pubkey: valid user test querying public key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8qhofonyYtc+kPGCsNOtLHnqmbtaf42C6HTFnNG7/QMxSyLFgMKaBnUiazOM0XVyzz/FyZtAgI55zE8tIxrXasD2BSIb7qp0XparnJJNAyHtDyzvFiSP/ii70X2/WqZWA...
sshd[19909]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth]
However, when I create a SSH connection with the legacy SSH Shell (Rebex), the SSH session authenticates without any issues.
input_userauth_request: try method publickey [preauth]
sshd[20385]: debug2: userauth_pubkey: valid user test attempting public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAACAQC8qhofonyYtc+kPGCsNOtLHnqmbtaf42C6HTFnNG7/QMxSyLFgMKaBnUiazOM0XVyzz/FyZtAgI55zE8tIxrXasD2BSIb7qp0XparnJJNAyHtDyzvFiSP/ii70X2/WqZWA...
sshd[20385]: debug3: userauth_pubkey: have rsa-sha2-512 signature for RSA SHA256:PC3mZk8N73Iw... [preauth]
Can you please help be troubleshoot this issue as we don't want to rely upon the legacy SSH shell.
All Comments (6)
Hi Steve,
We found that this algorithm for that type of signature wasn't implemented in the SSH Shell entry.
A ticket has been open with the engineering department to integrate it.
Regards,
David Grandolfo
Morning David,
That's good news, any idea when I'll be able to test this?
Hello,
Regrettably, the Support Department cannot provide an exact release date as the full process (Build – Quality Assurance – Release) is out of our control.
The engineering team needs to implement a fix. After that a series of events must take place:
- A pull request must be approved, by a peer primarily, but sometimes also by a security specialist;
- A build must be generated;
- The whole build contains typically many fixes, which each must be validated by our QA department
- if need be, the build is rejected for a specific issue, or a combination thereof, which would trigger another build cycle
Best regards,
David Grandolfo
Hi Steven,
The fix of this issue is now available in RDM Beta 2020.2.4 (http://remotedesktopmanager.com/Home/Download#Beta).
This version require a database upgrade.
Regards,
David Grandolfo
Hi,
Apologies for the delayed response. I was able to test the above beta client today and can confirm that it is working as expected with "SSH Shell".
Any idea when this will be released for Windows and Mac OSX clients?
Regards,
Steven
Hi Steven,
This will be available in RDM Mac 2020.2.0.0 which will release in the coming weeks.
Best regards,
Xavier Fortin